Jinoh Kang (@iamahuman) commented about dlls/ntdll/heap.c:
+ RtlInterlockedPushEntrySList( &bin->groups, (SLIST_ENTRY *)&group->entry ); + } + + return block; +} + +static NTSTATUS heap_allocate_block_lfh( struct heap *heap, ULONG flags, SIZE_T block_size, + SIZE_T size, void **ret ) +{ + struct bin *bin, *last = heap->bins + BLOCK_SIZE_BIN_COUNT - 1; + struct block *block; + + bin = heap->bins + BLOCK_SIZE_BIN( block_size ); + if (ReadNoFence( &heap->compat_info ) != HEAP_LFH) return STATUS_UNSUCCESSFUL; + if (!heap->bins || bin == last) return STATUS_UNSUCCESSFUL; + if (!ReadNoFence( &bin->enabled )) return STATUS_UNSUCCESSFUL; We should ensure that the bin use _happens after_ its activation.
```suggestion:-0+0 /* paired with WriteRelease in bin_try_enable. */ if (!ReadAcquire( &bin->enabled )) return STATUS_UNSUCCESSFUL; ``` -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1628#note_23095